科技回声

13 条评论

Zaheer大约 7 年前

In case it obvious to others: "Domain fronting is a technique that circumvents Internet censorship by hiding the true endpoint of a connection. Working in the application layer, domain fronting allows a user to connect to a blocked service over HTTPS, while appearing to communicate with an entirely different site. [...] This can be done if the blocked and the innocuous sites are both hosted by the same large provider, such as Google App Engine.' [1]Amazon also recently acquired Souq so wondering if the 'same large provider' in this case is AWS?[1] <a href="https://en.wikipedia.org/wiki/Domain_fronting" rel="nofollow">https://en.wikipedia.org/wiki/Domain_fronting</a>

评论 #16868754 未加载

评论 #16869047 未加载

jlund大约 7 年前

Hey, everyone. We spent a decent amount of time at Signal trying to come up with alternatives when we first heard rumors that Google was disabling domain fronting on GAE.We're using Souq because it is popular in the countries where we have Censorship Circumvention enabled (Egypt, Oman, Qatar, and UAE) but it would be nice to have other options on CloudFront as well. It's possible that we overlooked other highly ranked domains in these countries that use the CloudFront CDN.If anyone has any suggestions, we would appreciate them.

评论 #16870595 未加载

vmarquet大约 7 年前

Note that domain fronting is not only usefull to circumvent Internet censorship, it's also used by malware.With domain fronting, you can exfiltrate data from a company by making the connection appear to go to a legitimate google service (ex: drive.google.com), whereas it actually is going to a server hosted on google cloud services and controlled by an attacker.

评论 #16869310 未加载

评论 #16869409 未加载

评论 #16869259 未加载

praseodym大约 7 年前

I cannot find a first-party source of why and when Google is shutting down domain fronting, but it makes sense from a cybersecurity perspective. Domain fronting is widely used by malware [1, 2] to evade network-based detection.[1] <a href="https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html" rel="nofollow">https://www.fireeye.com/blog/threat-research/2017/03/apt29_d...</a> [2] <a href="https://www.cyberark.com/threat-research-blog/red-team-insights-https-domain-fronting-google-hosts-using-cobalt-strike/" rel="nofollow">https://www.cyberark.com/threat-research-blog/red-team-insig...</a>

评论 #16870848 未加载

评论 #16869150 未加载

Shank大约 7 年前

Honestly, seems like a crummy move on Google's part. They're obviously not obligated to keep this running, but it's one of the best ways to evade censorship that doesn't get blocked. It's really a shame.

评论 #16868919 未加载

kodablah大约 7 年前

Can someone share a link to Google talking about shutting this down? I assume they are going to stop allowing appspot (i.e. AppEngine) host headers for google.com requests?

评论 #16876229 未加载

评论 #16869144 未加载

tantalor大约 7 年前

For those wondering what "domain fronting" is,<a href="https://en.wikipedia.org/wiki/Domain_fronting" rel="nofollow">https://en.wikipedia.org/wiki/Domain_fronting</a> circumvents Internet censorship by hiding the true endpoint of a connection

评论 #16868875 未加载

eterm大约 7 年前

What are we looking at here?Is this related to Russia blocking a ton of google IPs to enforce the telegram block, or is that a separate thing entirely?

评论 #16896197 未加载

equalunique大约 7 年前

Basics of domain fronting & how it relates to Signal: <a href="https://www.wired.com/2016/12/encryption-app-signal-fights-censorship-clever-workaround/" rel="nofollow">https://www.wired.com/2016/12/encryption-app-signal-fights-c...</a>In-depth explanation of Domain Fronting: <a href="https://www.bamsoftware.com/papers/fronting/" rel="nofollow">https://www.bamsoftware.com/papers/fronting/</a>

buildbuildbuild大约 7 年前

This will possibly affect the Tor project's Meek pluggable transport as well which is used for many bridges.<a href="https://www.torproject.org/docs/pluggable-transports.html.en" rel="nofollow">https://www.torproject.org/docs/pluggable-transports.html.en</a>

评论 #16896192 未加载

dewey大约 7 年前

I was reading up on this topic a few days ago and found this to be an interesting introduction:<a href="https://medium.com/@pmvk/domain-fronting-a-technique-used-to-circumvent-internet-censoring-10ef1bb3db84" rel="nofollow">https://medium.com/@pmvk/domain-fronting-a-technique-used-to...</a>

TheSwordsman大约 7 年前

Is there any sort of product page listing for their CDN solution? I've heard of Souq as an online retailer, but didn't know you could have them act as a CDN.

hapnin大约 7 年前

Note: souq.com is based out of Dubai, as is Telegram.

评论 #16870068 未加载

13 条评论

Zaheer大约 7 年前

评论 #16868754 未加载

评论 #16869047 未加载

jlund大约 7 年前

评论 #16870595 未加载

vmarquet大约 7 年前

评论 #16869310 未加载

评论 #16869409 未加载

评论 #16869259 未加载

praseodym大约 7 年前

评论 #16870848 未加载

评论 #16869150 未加载

Shank大约 7 年前

评论 #16868919 未加载

kodablah大约 7 年前

Can someone share a link to Google talking about shutting this down? I assume they are going to stop allowing appspot (i.e. AppEngine) host headers for google.com requests?

评论 #16876229 未加载

评论 #16869144 未加载

tantalor大约 7 年前

评论 #16868875 未加载

eterm大约 7 年前

What are we looking at here?Is this related to Russia blocking a ton of google IPs to enforce the telegram block, or is that a separate thing entirely?

评论 #16896197 未加载

equalunique大约 7 年前

buildbuildbuild大约 7 年前

评论 #16896192 未加载

dewey大约 7 年前

TheSwordsman大约 7 年前

Is there any sort of product page listing for their CDN solution? I've heard of Souq as an online retailer, but didn't know you could have them act as a CDN.

hapnin大约 7 年前

Note: souq.com is based out of Dubai, as is Telegram.

评论 #16870068 未加载

Google shuttering domain fronting, Signal moving to souqcdn.com

13 条评论

Google shuttering domain fronting, Signal moving to souqcdn.com

13 条评论